Redshift clusters should enforce encryption in transit

Description

This control verifies whether Amazon Redshift cluster connections require encryption during transit. The parameter require_ssl must be set to True.

Using TLS helps protect against potential attacks, such as person-in-the-middle attempts, by preventing network traffic from being intercepted or altered. Only TLS-encrypted connections should be permitted. Keep in mind that encrypting data in transit may impact performance. Datadog recommends testing your application with TLS enabled to evaluate its performance and understand the potential effects.

Remediation

For guidance on configuring Redshift parameters, please refer to the Modifying a parameter group section of the Amazon Redshift Management Guide.